mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
Upgrade/Install: Add more context in signature verify failures.
This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause. Props dd32. See #39309. Built from https://develop.svn.wordpress.org/trunk@45112 git-svn-id: http://core.svn.wordpress.org/trunk@44921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
4601e178e5
commit
23fe2800cc
@ -1154,6 +1154,9 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
/* translators: 1: The filename of the package. */
|
||||
__( 'The authenticity of %1$s could not be verified as no signature was found.' ),
|
||||
'<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
|
||||
),
|
||||
array(
|
||||
'filename' => $filename_for_errors,
|
||||
)
|
||||
);
|
||||
}
|
||||
@ -1163,11 +1166,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
|
||||
mbstring_binary_safe_encoding();
|
||||
|
||||
$skipped_key = $skipped_signature = 0;
|
||||
|
||||
foreach ( (array) $signatures as $signature ) {
|
||||
$signature_raw = base64_decode( $signature );
|
||||
|
||||
// Ensure only valid-length signatures are considered.
|
||||
if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
|
||||
$skipped_signature++;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1176,6 +1182,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
|
||||
// Only pass valid public keys through.
|
||||
if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
|
||||
$skipped_key++;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1197,10 +1204,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
),
|
||||
// Error data helpful for debugging:
|
||||
array(
|
||||
'filename' => $filename_for_errors,
|
||||
'keys' => $trusted_keys,
|
||||
'signatures' => $signatures,
|
||||
'hash' => bin2hex( $file_hash ),
|
||||
'filename' => $filename_for_errors,
|
||||
'keys' => $trusted_keys,
|
||||
'signatures' => $signatures,
|
||||
'hash' => bin2hex( $file_hash ),
|
||||
'skipped_key' => $skipped_key,
|
||||
'skipped_sig' => $skipped_signature,
|
||||
'php' => phpversion(),
|
||||
'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
|
||||
)
|
||||
);
|
||||
}
|
||||
@ -1210,7 +1221,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
*
|
||||
* @since 5.2.0
|
||||
*
|
||||
* @return array List of hex-encoded Signing keys.
|
||||
* @return array List of base64-encoded Signing keys.
|
||||
*/
|
||||
function wp_trusted_keys() {
|
||||
$trusted_keys = array();
|
||||
|
@ -13,7 +13,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.2-beta1-45111';
|
||||
$wp_version = '5.2-beta1-45112';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user